<?php

/************************************

EasyCB, Community Forum Software
Copyright (C) 2007  Jonathon D. Keogh <jonathon.keogh@gmail.com>

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

$Id: page.admin.users.php 124 2007-09-05 23:38:11Z jonathon.keogh $

************************************/

require "inc.func.php";

if(!user_loggedin() || user_level(user_name(sess_get("UserID"))) < 2)
{
	page_redirect("page.boards.php");
}

page_header("Users");

page_section();
print "<a href=\"page.admin.php\">Return to Administration tasks</a>";
if(isset($_GET['id']))
{
	print " - <a href=\"?\">Back to user list</a>";
}
page_section();

if(isset($_GET['id']) && user_exists(user_name($_GET['id'])))
{
	$action = isset($_GET['action']) ? $_GET['action'] : "";
	
	if($action == "delete")
	{
		page_section("Confirm your action");
?>

<p><b style="font-size: 15pt;">Are you sure you want to delete this user?</b><br>
	The user you've selected to delete: <?=htmlentities(user_name($_GET['id'])) ?></p>

<p>Deleting this user will not remove their posts. All their posts will now be under the user name "<?=htmlentities(user_name(0)) ?>".</p>

<p><a href="?id=<?=urlencode($_GET['id']) ?>&amp;action=delete_confirm">Confirm deletion</a> or <b><a href="?id=<?=urlencode($_GET['id']) ?>">Cancel deletion</a></b></p>

<?php
		page_section();
	} elseif($action == "delete_confirm") {
		if(sess_get("UserID") == $_GET['id'])
		{
			page_section("Error");
			print "You cannot delete yourself.";
			page_section();
		} else {
			db_query("DELETE FROM `" . config_get("db_prefix") . "users` WHERE `ID`='" . db_escape($_GET['id']) . "';");
			config_set("UserCount", config_get("UserCount") - 1);
			page_redirect("?");
		}
	} elseif($action == "info") {
		$user = db_query("SELECT * FROM `" . config_get("db_prefix") . "users` WHERE `ID`='" . db_escape($_GET['id']) . "';");
		$user = db_fetch_assoc($user);
		
		$_name = $user['Name'];
		$_title = $user['Title'];
		
		if(isset($_POST['name']))
		{
			$_name = trim($_POST['name']);
			$_title = trim($_POST['title']);
			
			if($_name == "")
			{
				$error = "No name given";
			} else {
				db_query("UPDATE `" . config_get("db_prefix") . "users` SET `Name`='" . db_escape($_name) . "', `Title`='" . db_escape($_title) . "' WHERE `ID`='" . db_escape($_GET['id']) . "';");
				page_redirect("?id=" . urlencode($_GET['id']));
			}
		}
		
		if(isset($error))
		{
			page_section("An error occured");
			print "<b style=\"color: #FF0000;\">$error</b>";
			page_section();
		}
		
		print "<form onsubmit=\"document.getElementById('go').disabled=true;document.getElementById('go').innerHTML='Patience!';\" action=\"?id=" . urlencode($_GET['id']) . "&amp;action=info\" method=\"POST\">\n";
		page_section("User information");
?>

User name:<br>
<b><?=htmlentities(user_name($_GET['id'])) ?></b><br>
<br>
Name:<br>
<input name="name" value="<?=htmlentities($_name) ?>" size="40"><br>
<br>
Title:<br>
<input name="title" value="<?=htmlentities($_title) ?>" size="40"><br>
<br>
<button type="submit" id="go">Submit changes</button>

<?php
		page_section();
		print "</form>\n";
	} elseif($action == "password") {
		if(isset($_POST['password1']))
		{
			$_password1 = $_POST['password1'];
			$_password2 = $_POST['password2'];
			
			if($_password1 == "")
			{
				$error = "No password given";
			} elseif($_password1 != $_password2) {
				$error = "The two passwords given do not match";
			} else {
				db_query("UPDATE `" . config_get("db_prefix") . "users` SET `Password`='" . md5($_password1) . "' WHERE `ID`='" . db_escape($_GET['id']) . "';");
				page_redirect("?id=" . urlencode($_GET['id']));
			}
		}
		
		if(isset($error))
		{
			page_section("An error occured");
			print "<b style=\"color: #FF0000;\">$error</b>";
			page_section();
		}
		
		print "<form onsubmit=\"document.getElementById('go').disabled=true;document.getElementById('go').innerHTML='Patience!';\" action=\"?id=" . urlencode($_GET['id']) . "&amp;action=password\" method=\"POST\">\n";
		page_section("Change password");
?>

User name:<br>
<b><?=htmlentities(user_name($_GET['id'])) ?></b><br>
<br>
New password:<br>
<input name="password1" type="password" size="40"><br>
<br>
New password (confirm):<br>
<input name="password2" type="password" size="40"><br>
<br>
<button type="submit" id="go">Submit changes</button>

<?php
		page_section();
		print "</form>\n";
	} elseif($action == "level") {
		$_level = user_level(user_name($_GET['id']));
		
		if(isset($_POST['level']))
		{
			$_level = $_POST['level'];
			
			if($_level < 0 || $_level > 2)
			{
				$error = "Invalid level";
			} else {
				db_query("UPDATE `" . config_get("db_prefix") . "users` SET `Level`='" . db_escape($_level) . "' WHERE `ID`='" . db_escape($_GET['id']) . "';");
				page_redirect("?id=" . urlencode($_GET['id']));
			}
		}
		
		if(isset($error))
		{
			page_section("An error occured");
			print "<b style=\"color: #FF0000;\">$error</b>";
			page_section();
		}
		
		print "<form onsubmit=\"document.getElementById('go').disabled=true;document.getElementById('go').innerHTML='Patience!';\" action=\"?id=" . urlencode($_GET['id']) . "&amp;action=level\" method=\"POST\">\n";
		page_section("User level");
?>

This user is currently a<?=($_level == 0 ? " normal user" : ($_level == 1 ? " moderator" : "n administrator")) ?>.<br>
<br>
User level:<br>
<select name="level">
	<option value="0"<?=($_level == 0 ? " selected" : "") ?>>Normal user</option>
	<option value="1"<?=($_level == 1 ? " selected" : "") ?>>Moderator</option>
	<option value="2"<?=($_level == 2 ? " selected" : "") ?>>Administrator</option>
</select>
<button type="submit" id="go">Submit changes</button>

<?php
		page_section();
		print "</form>\n";
	} else {
		page_section("Select a task");
?>

<p>Select a task to perform on this user:</p>
<ul>
	<li><a href="?id=<?=urlencode($_GET['id']) ?>&amp;action=info">Edit user information</a></li>
	<li><a href="?id=<?=urlencode($_GET['id']) ?>&amp;action=password">Change user's password</a></li>
	<li><a href="?id=<?=urlencode($_GET['id']) ?>&amp;action=level">Change user's level</a></li>
	<li><a href="?id=<?=urlencode($_GET['id']) ?>&amp;action=delete">Delete this user</a></li>
</ul>

<?php
		page_section();
	}
} else {
page_section("Registered users");
?>

<table width="100%">
	<tr>
		<td><b>User name</b></td>
		<td width="200"><b>E-mail address</b></td>
		<td width="100"><b>Level</b></td>
		<td width="100"><b>Post count</b></td>
		<td width="200"><b>Member since</b></td>
		<td width="100">&nbsp;</td>
	</tr>
<?php

$users = db_query("SELECT * FROM `" . config_get("db_prefix") . "users` ORDER BY `RegisterTime` ASC;");
while($user = db_fetch_assoc($users))
{
	print "<tr><td>" . htmlentities($user['Username']) . "</td><td>" . htmlentities($user['Email']) . "</td><td>" . ($user['Level'] != 0 ? ($user['Level'] == 1 ? "Moderator" : "Administrator") : "Normal user") . "</td><td>{$user['PostCount']}</tD><td>" . date(config_get("DateString"), $user['RegisterTime']) . "</td><td align=\"right\"><a href=\"?id=" . urlencode($user['ID']) . "\">Edit user</a></td></tr>\n";
}

?>
</table>

<?php
page_section();
}

page_footer('$Id: page.admin.users.php 124 2007-09-05 23:38:11Z jonathon.keogh $');

?>